Security Education & Training
RSS

5 minutes with Ian Thornton-Trump, CISO of Cyjax

November 25, 2020

Meet Ian Thornton-Trump. He is the Chief Information Security Officer at Cyjax, and an ITIL certified IT professional with 25 years of experience in IT security and information technology. As CISO Cyjax, Ian has deep experience with the threats facing small, medium and enterprise businesses. His research and experience have made him a sought-after cybersecurity consultant specializing in cyber threat intelligence programs for small, medium and enterprise organizations. In his spare time, he teaches cybersecurity and IT business courses for CompTIA as part of their global faculty and is the lead architect for Cyber Titan, Canada's efforts to encourage the next generation of cyber professionals.

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Packet capture and analysis: The force multiplier in the cybersecurity battle

Jeremy Leasher

November 25, 2020

For organizations experiencing data breaches, the consequences are considerable, especially for security operations. IBM reports that over 25,000 data records are stolen with the average data breach, and costing the targeted company as much as $8.64M per breach in the United States. And it takes on average a staggering 280 days between identifying and containing a data breach (known as the breach cycle). So why is it so hard to fight this digital war, and why is the breach cycle so long?

Why application-layer security is critical in preventing data breaches

Wias Issa

November 25, 2020

Stories about cyberattacks and security breaches are popping up more and more frequently in the news and it seems as though no company is immune to the sophisticated strategies hackers use to obtain high value confidential data. These data hacks result in bad PR, lost customer trust, possible fines, and potentially ruined reputations. Needless to say, it should have you questioning whether or not your data is properly protected, and the answer is — it’s probably not.

The cult of the search in open-source intelligence

Daniil Davydoff

November 24, 2020

Open-source intelligence (OSINT) is having a moment. Just a few years ago, presentations on OSINT began with a quote from one of a few different senior intelligence community officials who reportedly said that somewhere between 80-90% of valuable information comes from public sources. Many presentations today start similarly, but OSINT no longer needs the validation of government greats. Films like Searching and Don’t f**ck with Cats have introduced the discipline to a wider audience, organizations such as Trace Labs host popular OSINT competitions for the common good, and the investigators associated with the website Bellingcat are now media fixtures.

Toronto Metrolinx staged mock disaster complete with simulated fatalities

Metrolinx in Toronto holds mock disaster training for bus depot

November 23, 2020

In preparation of opening a new bus depot in Toronto, Metrolinx staged a mock disaster that included included response from several agencies throughout the city, as well as served to test the company's systems in place.

How the Security Operations Center Can Create Customer Confidence

Curiosity, creativity, collaboration: The human elements of the SOC

Chris Calvert

November 23, 2020

Machines are better at speed and scale than humans. But humans have the edge over machines at thinking outside of the box, using their curiosity and creativity to come up with solutions, and reasoning that machines cannot define or replicate. When it comes to security operations, humans and automation are the duo that’s stronger and more effective in partnership than when they’re apart. Using extended detection and response (XDR) can bring these skills to the forefront of the Security Operations Center (SOC), leaving the repeatable, boring tasks to the machines and allowing for these human traits to shine.

More than 2.5 million people use "123456" as their password

If your password is 123456, it's time for an update

November 20, 2020

A new report from NordPass finds that more than 2.5 million people are using 123456 as their password.

Duke Energy announces new CSO and other leadership changes

November 20, 2020

Duke Energy, a Fortune 150 company headquartered in Charlotte, N.C., named Keith Butler as Senior Vice President and Chief Security Officer. He is currently senior vice president, global risk management and insurance, chief risk officer and acting chief ethics and compliance officer. The company also named new leaders in the critical areas of corporate security, risk management and ethics and compliance.

If Michael Jordan is zero trust, then identity governance is Scottie Pippen — Why cybersecurity is a team sport

Grady Summers

November 20, 2020

Basketball can teach us a lot about managing the cybersecurity of an enterprise: it takes teamwork. This is perhaps most evident as organizations seek to adopt zero trust principles. The zero trust concept is not new, but I hear more organizations discussing it than ever before — driven by a desire for greater security, more flexible access, and accelerated by the shift to remote work due to COVID-19. At its core, zero trust focuses on providing least-privilege access to only those users who need it. Put it this way: don't trust anyone and even when you do, only give them what they need right now. This security philosophy would make Jordan proud, but in that vein, zero trust would not work without another player: identity management (perhaps it’s the Pippen factor!).

Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

Analyzing the EDPB’s draft recommendations on supplementary measures

In the wake of Schrems II, the EDPB’s much-anticipated recommendations provide extensive guidance on supplementary measures parties can use to legally transfer data out of the EEA in the absence of an adequacy decision.

David M. Stauss

November 20, 2020

In a flurry of activity last week, the European Data Protection Board (EDPB) and the European Commission made major announcements affecting cross-border data transfers out of the EEA. First, the EDPB announced the adoption of draft recommendations on measures that supplement cross-border data transfer tools as well as recommendations on the European Essential Guarantees for surveillance measures. The below post will examine the EDPB’s draft recommendations on supplementary measures. The draft new standard contractual clauses will be discussed in a separate post.

OSHA fines grab headlines, but most compliance issues start with everyday operational gaps: missed protocols, unsecured areas, or slow response. Learn how emerging technologies & AI can be leveraged towards a more proactive model of compliance.

Security teams have never had more visibility. We’ll explore how a new decision layer is helping security teams move from detection to decision. Turn alerts into decision-ready context, reducing reliance on manual triage and enabling faster action.

Security Education & Training
RSS

5 minutes with Ian Thornton-Trump, CISO of Cyjax

Packet capture and analysis: The force multiplier in the cybersecurity battle

Why application-layer security is critical in preventing data breaches

The cult of the search in open-source intelligence

Metrolinx in Toronto holds mock disaster training for bus depot

Curiosity, creativity, collaboration: The human elements of the SOC

If your password is 123456, it's time for an update

Duke Energy announces new CSO and other leadership changes

If Michael Jordan is zero trust, then identity governance is Scottie Pippen — Why cybersecurity is a team sport

Analyzing the EDPB’s draft recommendations on supplementary measures

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

Security Education & Training RSS

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

Security Education & Training
RSS